Online anonymisation can limit your exposure to mass surveillance. There’s an increasing number of initiatives around the world to attack our privacy with different excuses, such as “fighting terrorism”. That’s why the need to defend yourself from surveillance is more important than ever before. Although no measure is perfect, and it’s very difficult to protect yourself from targeted surveillance, using these tools can improve your privacy to a great extent.

How to claim back your freedom to stay anonymous

There are many ways of making identifying you online more difficult.

You should always delete your cookies and not save your browsing history (you can change this in the settings or preferences of your browser). Other easy solution to bring anonymity to your life is to start using Tor browser and search engines like DuckDuckGo or Startpage. Also, the use of privacy protective Virtual Private Networks (VPNs) is becoming more common among those who want to keep their internet use private.

Traditional cloud storage services such as Google Drive and Dropbox can be replaced with Spideroak Semaphor, as this provides better privacy and anonymity protection.

When you don’t want to store the file, but just share it with a group of people anonymously, you can use Onionshare. It allows you to securely share files of any size over a Tor network.

If you want to tackle the issue of anonymity at the operating system level, you should consider using Whonix along with QubesOS.

In the first episode of the “Do Not Track” webseries produced by ARTE TV, you will find more useful information about how much data we generate every day and how online tracking exposes a lot of private information:

What can politicians do to safeguard your freedoms online?

The rules on online privacy in the EU (ePrivacy Directive) will be soon updated. This law deals with privacy and confidentiality of communications for the entire EU, and it affects tracking and other issues related to your freedoms online. Are politicians ready to fight for your protection?

Read our previous blogposts here, and stay tuned to our next blogposts to know more about your freedoms online, and how they are threatened!

The “think tank” European Centre for International Political Economy (ECIPE) recently produced a database of “restrictions on data”. The database lists laws which, in ECIPE’s opinion, are barriers to trade in 65 economies worldwide, including the European Union, and it was produced apparently due to influence from “the business community”.

The database considers the EU Data Protection Directive 95/46/EC as a barrier to trade and a cross-border restriction on “data flows” in particular. One of the examples of such barriers is the Google Spain ruling. The description in the database is not entirely accurate, describing it as a right for individuals “to seek the deletion of links on search engines” about themselves if “the data appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed”. In fact, the “right” only covers searches done on the basis of an individual’s name and not a “deletion of links”.

Similarly, the United States’ Millennium Copyright Act (DMCA), which reduces incentives for internet companies to delete content is also listed as a restriction on data. Illogically, failure to implement the broadly similar EU e-Commerce Directive in some countries is also listed as a barrier.

But things get even more peculiar. US internet companies in the Computer and Communications Industry Association (CCIA) are actively campaigning to have the right to restrict the communications of their users in a completely arbitrary way, without fear of any liability for unjustified restrictions on freedom of communication when they “voluntarily exceed their legal obligations”. The CCIA has also been lobbying for such a provision in the US and the EU and, coincidentally or not, the United States has now been pushing for this new, arbitrary restriction to be included in the Trade in Services Agreement (TiSA). TISA is currently being negotiated between the EU, the US and a variety of other members of the World Trade Organisation (WTO). At the same time as demanding this right to restrict the freedom of communication of internet users, the CCIA is also campaigning for the “free flow of data”.

Two of CCIA’s members are Google and Facebook, who can be assumed to be supportive of CCIA positions, including on the “free flow of data”. However, both of them have chosen to voluntarily implement the restrictive DMCA on a global level. This leads, for example, to Google voluntarily removing 77,1 million web addresses from its index for copyright reasons in the period 29 October 2016 to 29 November 2016.

Meanwhile, the European Commission seems to be strongly in favour of the “free flow of data”, as illustrated by numerous statements and speeches by Commission Vice-President Andrus Ansip. While insisting that this only refers to data “other than personal data”, several of the examples referred to relate explicitly to personal data. This strong Commission support for the free flow of data is being offered at the same time as restricting the proposed measures on text and data mining, at the same time as proposing that web hosting companies should implement upload filtering technologies and at the same time as Commissioner Günther Oettinger is praising the big telco “5G manifesto” that attacks net neutrality – and net neutrality is the very essence of free flow of data.

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.”“The question is,” said Alice, “whether you can make words mean so many different things.”“The question is,” said Humpty Dumpty, “which is to be master—that’s all.”

An anonymous country singer, the watchdog-walking service and the I-have-nothing-to-hide musical. These were just a few elements thrown in by theatre producers and performers Oscar Kocken and Daan Windhorst. Just add a crash course “Lying with charts”, a few tasteful awards, and you have an awards ceremony – simultaneously funny and serious – about privacy.

Which emotions did Hans de Zwart, Director of the Dutch EDRi member Bits of Freedom show when he talked about a world full of cameras that analyse faces and facial expressions? With the help of a set of websites and promotional videos, he showed what the current state of facial recognition technology is. Although its use is still limited, it will definitely expand rapidly during the years to come. Yet another chapter from Orwell’s novel “1984” is about to become reality.

Of course, an award ceremony needs the awards. Edith Schippers, Dutch Minister of Health, Welfare and Sport, received the Big Brother Award for her bill for the expansion of health insurance companies’ ability to obtain access to the medical files of patients in order to tackle fraud. For the public that nominated the minister, this is one of many cases in which the doctor-patient confidentiality is being crumbled.

The experts granted their award to the municipality of Rotterdam. Since 2006, municipalities have the legal means to refuse housing to “unemployed newcomers” in certain neighbourhoods of the city. By now, fifteen municipalities have consulted the police on whether they are familiar with these people. “Citizens are being labelled as potential risks, and they are in fact preventively punished for actions they have not yet committed, based on criteria and data of which they are not even aware”, said Bart de Koning, one of the experts.

The “Felipe Rodriguez Award” is the award Bits of Freedom grants for an extraordinary contribution to enhancing privacy. This year, the award was given to Open Whisper Systems, the developer of the encrypted instant messaging and voice calling application Signal and the end-to-end encryption protocol of the same name. Signal enables users to communicate securely: only the receiver can decrypt the sender’s message. Open Whisper System’s goal is to make mass surveillance impossible. Therefore, they even helped competing mobile apps, such as WhatsApp, Facebook and Google’s Allo, that now allow over a billion people to communicate securely. During her speech, Lilia Kai, Open Whisper Systems developer, urged the audience to remain optimistic: “We cannot win a war against surveillance if we are losing a battle against ourselves.”

As a part of the Big Brother Awards, the attendees could visit an exhibition “Rendering Realities” by Leonardo Selvaggio. Entering the exhibition, they were handed out masks to protect themselves against facial recognition.

In the context of identifying the root cause of security breaches or attacks, we often see the threats emerging from weapons such as botnets, viruses, malware, etc. However, the biggest network security threats can also reside within a company. For this reason, modern techniques of network security forensics – the process of identifying the root cause of network-based crimes – rely on threat intelligence. Threat intelligence facilitates the implementation of a range of preventive measures. Let’s have a look into one of the many definitions of this term.

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

With the increase of attacks on the internet and the supporting infrastructure, the efforts to make these systems more secure has seen a rapid rise. The cyber security industry is shifting from the traditional “detect and improve” approaches towards “predict and prevent” methodologies, as they aim to build fail-safe security solutions. The advancements in the fields of machine learning, artificial intelligence, data mining, and pattern matching had contributed substantially to predict the future attacks based on the previous failures of the system when they were attacked and compromised. Undoubtedly, these technologies have provided new dimensions of protecting any internet companies’ assets, which the classical cryptography failed to address. Indeed, the “predict and prevent” methodologies of securing internet businesses is a must have weapon to survive in the constant arms race of the internet.

The network security companies selling threat intelligence products rely on many machine learning techniques to intelligently predict the future occurrence of security breaches. The expression threat intelligence is not only trendingin the world of internet jargon, it has also made its way to the most frequently used word everywhere in the sales pitches of the security industry. This fancy buzzword may attract more customers (mainly big corporations) to adapt the threat intelligence products within their systems. However, it raises some privacy concerns from an end-user point of view.

Traditional threat intelligence software includes honeypots, firewall policies, and various pattern recognition techniques. However, due to the increased demand for addressing insider threats, modern software is very much focused on recording and recognising anomalous human behaviour. In simpler words, nothing but the software could monitor people’s computers (mainly desktops) and present insightful analytics in a very sophisticated manner. Not so surprisingly, some of these companies can be found in the Surveillance Industry Index (SII) built by Privacy International and Transparency Kit.

Over the past couple of years, the digital environment in Serbia has become a new area for battle over information control. We’ve witnessed technical attacks on online media websites, attempts at suppressing information online, organised social media campaigns for narrative control, as well as offline tactics such as detentions, threats and equipment seizure. SHARE Foundation has been monitoring the state of digital rights and freedoms in Serbia from May 2014, having seen a large number of violations during the floods that hit the region at that time.

After more than two years of collecting and organising data, SHARE Lab researchers, an investigative data reporting team of SHARE Foundation, mapped and quantified the data and compiled it in a two-part story of information warfare tactics in Serbia, influenced by the politics of hidden “internet interventionism”. Governments are now able to use sophisticated ways of pressuring the free flow of information on the internet, which are often hard to detect. SHARE Lab examined some of these methods based on local experience from Serbia, as it is possible that they could be used by other governments around the world.

The first part of the research covers propaganda, domination and attacks on online media, while the second part is focused on the social media battlefield, arrests and detentions of individuals. Findings of the research have shown that online media news in Serbia, especially those during the campaign for parliamentary elections held in April 2016, are short-lived with a “lifespan” of just around two hours when they are commented on and shared, after which they are lost and replaced with new short-lived content. The info-sphere is dominated with fabricated comments, which are relentlessly upvoted or downvoted, depending on whether or not they support the narrative of government officials. A very similar method is applied on the two most popular social media platforms in Serbia: Facebook and Twitter. Technical attacks on media websites that publish content critical of government actions, attempts of suppressing “undesirable” internet content, as well as targeted attacks on individuals, such as manipulations with their online identities, make up the rest of the matrix of domination in the Serbian info-sphere.

On the other hand, challenges are also present in the offline arena: journalists, activists and netizens expressing their opinions and views online faced arrests and detention. This was most evident during the above mentioned floods, when citizens were called in for questioning by the police on suspicion they were “inducing panic” with their posts on social media. There was also the problem of “selective reaction” from the authorities; they reacted quickly in cases of threats made to high-ranking state officials, but were not so diligent when journalists or activists were targeted. These pressures lead to insecurity and fear, a chilling effect on the general public, privacy violations and discouraging public dialogue on matters of public interest.

In April 2016, the European Ombudsman launched an investigation into the European Commission’s failure to disclose information of the “EU Internet Forum”. The EU Internet Forum brings together US internet companies (Microsoft, Facebook, Twitter, Google), government officials, and law enforcement agencies to discuss how to reduce the accessibility of undefined “terrorist material” and badly defined “hate speech” online (as defined by 28 different national laws that are not even properly implemented in some countries).

It is certainly important to address and prosecute illegal online activity. However, it is worrying that the Commission proposes yet again an initiative to encourage internet companies to take “voluntary” actions in response to a very diverse range of possibly illegal or unwanted online activity. As shown through numerous examples around the globe, voluntary measures by online service providers often come with collateral damage and have a negative impact on the freedom of expression.

In 2015, EDRi requested access to documents related to the EU Internet Forum. As a result, we only received heavily redacted documents that revealed nothing but an apparent disregard for the fundamental rights of European citizens. In February 2016, we filed the complaint to the Ombudsman in which we argued that the Commission wrongly refused full access to two documents.

According to rules on access to documents, the EU Commission can refuse access and make use of certain exceptions, for instance, for the protection of public security. In its response to EDRi, the EU Commission made use of this exception and argued that by making documents and details of the initiatives public “would allow them [terrorist groups] to circumvent counter-terrorism measures”.

The fact that the Commission uses the term “circumvention” in the context of reducing online accessibility of undefined “terrorist material”, demonstrates that the restriction of communications was the object of discussions with industry representatives The Commission identified the circumvention as a risk to the restriction on the freedom of communication of the initiative. This means that there is a restriction on the freedom of expression and this, in turn, means that a legal basis is required, as detailed to Article 52 of the Charter of Fundamental Rights of the European Union. In a letter to the Ombudsman of 29 November 2016, EDRi responded therefore that the EU Commission is obliged to make at least the underlying legal basis or reasoning public. The Commission has previously used the rather tenuous argument that, if it or Member States persuade companies to implement measures without a law, then this is “voluntary” and therefore the Commission and the Member States are no longer bound by the primary law of the European Union.

Secondly, the Commission claimed that releasing the documents would undermine public security in a foreseeable and not purely hypothetical manner. To prove the real nature of the threat, the Commission quoted two press articles which report on threats to CEOs of US-based IT companies.

In our response, we argued that in the absence of a confirmation by law enforcement, press reports and claims by industry representatives in the media are insufficient proof of the reality of the threat. Furthermore, we found it clearly implausible to argue that revealing additional details regarding the scope of the initiative would lead to a new threat for the industry representatives.

The EU Internet Forum will meet again on 8 December 2016. In the absence of transparent procedures, we will continue to communicate on potential threats to our rights and freedoms.

BRUSSELS—European Union Member States must ensure that a new effort to standardise counterterrorism laws does not undermine fundamental freedoms and the rule of law, a group of international human rights organisations said today.

Amnesty International, the European Network Against Racism (ENAR), European Digital Rights (EDRi), the Fundamental Rights European Experts (FREE) Group, Human Rights Watch (HRW), the International Commission of Jurists (ICJ) and the Open Society Foundations (OSF) are warning that the overly broad language of the new EU Directive on Combating Terrorism could lead to criminalising public protests and other peaceful acts, to the suppression of the exercise of freedom of expression protected under international law, including expression of dissenting political views and to other unjustified limitations on human rights. The Directive’s punitive measures also pose the risk of being disproportionately applied and implemented in a manner that discriminates against specific ethnic and religious communities.

The groups call on EU Member States to ensure that implementation of the Directive in national law includes additional safeguards to guarantee compliance with regional and international human rights obligations. These safeguards are especially important to ensure that any new laws passed, which will remain in place for years to come, cannot be used abusively by any government, including any that may be tempted to sacrifice human rights and due process in the name of pursuing security.

A terrorism Directive put together without a proper consultation, without any impact assessment and without meaningful public debate creates the worst possible outcome

said Joe McNamee, Executive Director of European Digital Rights.

It is too unclear to be implemented in a harmonised way across the EU, too shrouded in secrecy to have public legitimacy and too open to interpretation to prevent wilful abuse by governments seeking to exploit its weaknesses.

The groups also noted that the legislative process for adopting this Directive lacked transparency and opportunity for critical debate. There was no impact assessment of the proposal, negotiations moved forward without parliament-wide review of the text, and the proposal was rushed through behind closed doors and without any meaningful consultation of civil society.

Despite the inclusion of a general human rights safeguarding clause and repeated caution from our organisations the final text fails to fully protect human rights within the EU:

The Directive repeats the EU’s already overly broad definition of ‘terrorism,’ which permits states to criminalise, as terrorism, public protests or other peaceful acts that they deem ’seriously destabilise the fundamental political, constitutional, economic or social structures of a country or an international organisation.’

Significantly, the Directive requires states to criminalise a series of preparatory acts that may have a minimal or no direct link to a violent act of terrorism, and may never result in one being committed. For example the offences of participating in a terrorist group, travelling or receiving training for terrorist purposed are not adequately defined. Unless these broadly outlined offences are subject to careful drafting and strong safeguards in national law, they are likely to lead to violations of rights, including the right to liberty and freedoms of expression, association, and movement.

The Directive criminalises the public distribution of messages, including messages that ‘glorify’ terrorist acts, if the distribution is intentional and causes a danger that a terrorist offence may be committed. However, such a low threshold is likely to lead to abuse if not limited, as the UN recommends ‘to incitement that is directly causally responsible for increasing the actual likelihood of an attack’. The Directive should have incorporated this language to avoid unjustified interference with freedom of expression.

We welcome the Directive’s protection of activities of recognised humanitarian organisations. However we remain concerned that the protection does not expressly extend to all individuals providing medical or other life-saving activities that international humanitarian law (IHL) protects during times of armed conflict.

States should take the Directive as an opportunity to reassess their counterterrorism laws, policies and practices and engage with civil society and other stakeholders. We welcome the European Commission’s commitment to formally include civil society organisations in their activities to support transposition of the Directive.

Additional information:

A political agreement on the directive was reached by EU member governments in the European Council (COREPER) on 30 November, following negotiations with the European Parliament. Both the Council and the Parliament are expected to endorse the text without changes in December.

The jurisprudence of the Court of Justice of the EU and the Council’s own internal guidance both require legislators to assess the impact of all legislation with respect to the EU Charter of Fundamental Rights. The process that led to the agreement of this Directive fell short of this requirement.

Four and a half years after its adoption, the Commission is required to submit a report assessing the added value of the Directive to the European Parliament and the Council. The report must also cover the Directive’s impact on fundamental rights and freedoms, on the rule of law, on minorities, and on the level of protection and assistance provided to victims of terrorism.

A key impetus for the Directive was UN Security Council Resolution 2178 (2014), which places an overly broad requirement on member states to criminalise offences related to the phenomenon of “foreign terrorist fighters”. The European Court of Justice and the European Court of Human Rights have made clear that a Security Council resolution does not allow a state to violate its human rights obligations.

Today, on 28 November 2016, European Digital Rights (EDRi) co-signed a statement together with over 450 civil society organisations. In the statement, civil society from both Europe and Canada express concerns about the Comprehensive Economic and Trade Agreement (CETA) and therefore call for its rejection. CETA should be renegotiated, but for that to happen, there must be political will to do so.

We, the undersigned civil society organisations from Canada and Europe, hereby express our deep concern about the Comprehensive Economic and Trade Agreement (CETA) between the EU and Canada. During the long process of the deal’s negotiations and legal check, we repeatedly pointed out major problems with the CETA text. We provided concrete inputs, which could have triggered a shift towards a more transparent and democratic trade policy with the protection of the environment and people’s fundamental rights at its core. But our concerns have not been addressed in the CETA as signed in October 2016. This is why we are stating our firm opposition to the ratification of the agreement.

Our objections are shared by a growing number of citizens on both sides of the Atlantic. A record 3.5 million people from all over Europe have signed a petition against CETA and its twin agreement, the EU-US Transatlantic Trade and Investment Partnership.[i] Over 2,100 local and regional governments have declared themselves TTIP- and CETA-free.[ii] Constitutional challenges against CETA have been filed in Germany[iii] and Canada [iv] and the legality of CETA’s controversial privileges for foreign investors will likely be ruled on by the Court of Justice of the European Union.[v]

On both sides of the Atlantic, farmers, trade unions, public health, consumer, environmental and digital rights groups, other NGOs, as well as small and medium-sized enterprises (SMEs) have rejected the agreement.[vi] In October 2016, concerns in four sub-federal Belgian governments about the agreement’s negative impacts, and, in particular, its dangerous “investment court system”, nearly stopped their federal government from signing CETA.

Despite the controversy, the Canadian government and the EU institutions are trying to expedite CETA’s ratification. In Canada, legislation that would bring the agreement into force has already been introduced, without allowing time for any public consultation on the final agreement. The European Parliament also seems set to cut short its internal consultation processes, thereby limiting debate over ratifying the 1,600-page-long CETA text. After that, large parts of the agreement would be brought into force provisionally – long before the parliaments of all 28 EU member states have had their say.

To gain support for CETA ratification and allay concerns, numerous declarations have been attached to the text in the past months. But not a letter of the CETA text has been changed since its final version was published in early 2016. And the accompanying statements, including an EU-Canada “Joint Interpretative Instrument”, do nothing to fix the problems arising from the problematic CETA text, as experts have demonstrated.[vii]

We wish to highlight some of our fundamental concerns about the agreement as signed:

CETA would empower thousands of corporations to sue governments over legitimate and non-discriminatory measures to protect people and the planet. Nothing in the agreement or the accompanying declarations would stop corporations from using CETA’s investor rights to bully decision-makers away from public interest regulation, for example to tackle climate change. CETA even leaves the door open to “compensating” corporations for unrealised future profits when a change in policy affects their investment. Far from “radically” reforming the investor-state dispute settlement process, CETA expands and entrenches it.[viii]

CETA’s Investment Court System (ICS) grants highly enforceable rights to investors – but no corresponding obligations. It does not enable citizens, communities or trade unions to bring a claim when a company violates environmental, labour, health, safety, or other rules. It risks being incompatible with EU law as it establishes a parallel legal system, allowing investors to circumvent existing courts. The ICS is discriminatory because it grants rights to foreign investors that are neither available to citizens nor to domestic investors.[ix]

In stark contrast to the rights for corporations, CETA’s provisions on labour rights and sustainable development cannot be effectively enforced through sanctions. They remain empty statements with no bearing on the dangers that other chapters in the agreement pose to workers’ rights, environmental protection and measures to mitigate climate change.[x]

CETA severely limits governments’ ability to create, expand, and regulate public services and reverse failed liberalisations and privatisations. CETA is the first EU agreement which makes the liberalisation of services the rule and public interest regulation the exception. This threatens people’s access to high-quality services such as water, transport, social and health care, as well as attempts to provide public services in line with public interest goals.[xi]

An independent study of CETA’s economic impacts predicts jobs would be lost in both Canada and Europe, economic growth would be slower than without the deal, and the rather small income gains would go overwhelmingly to capital owners – not workers. As a result, inequality is expected to be higher under CETA than without the agreement.[xii]

CETA makes Canada and the EU more vulnerable to financial crises by further liberalising financial markets and severely restricting reforms aimed at removing key causes of financial instability and ensuring better protection of consumers and the economy as a whole.[xiii]

CETA would drive up Canadian prescription drug costs by at least Can$850 million per year (€583 million). It would negatively impact fundamental rights, such as the right to privacy and data protection and limit the EU’s and Canada’s ability to roll back excessive intellectual property rights (IPR) that limit access to knowledge and innovation. Some of CETA’s IPRs resemble closely the text of the Anti-Counterfeiting Trade Agreement (ACTA), which was rejected by the European Parliament in 2012.[xiv]

CETA’s rules on regulatory cooperation and domestic regulation will put additional burdens on regulators and strengthen the role of corporate lobbyists in the policy-making process, potentially undermining much-needed public interest policy-making.[xv]

On both sides of the Atlantic, CETA would expose farmers to competitive pressures that undermine their livelihoods with little gain to consumers; increase corporate control over seeds; obstruct buy-local food policies; and threaten high food processing and production standards, undermining efforts to boost sustainable agriculture.[xvi]

Precautionary measures to protect consumers, public health and the environment could be challenged under CETA based on claims that they are overly burdensome, not “science based” or are disguised trade barriers. Nothing in the CETA text or accompanying declarations effectively protects the role of the precautionary principle in European regulatory policy, while some sections even refer to conflicting principles.[xvii]

CETA is the result of a largely secret negotiation process between the previous Canadian government and the previous European Commission. The final CETA text and accompanying declarations ignore almost all of the reasonable and very specific amendments proposed by civil society [xviii] to address the flaws of the agreement. The most recent attempts to re-open the negotiations, by the government of the Walloon region in Belgium, were blocked. Now, only a ‘take it or leave it’, yes or no vote on the 1,600-page agreement is possible.

We urge:

the European Parliament, the Canadian Parliament, as well as national, provincial and regional parliaments, which have a say in the ratification, to defend the rights and interests of the people they represent against the threats posed by CETA by voting against the ratification of the agreement;

the many municipal and other regional and provincial governments that have raised concerns over CETA to make their voices heard in the ratification process;

these parties to begin a thorough, democratic consultation, including of civil society, on the foundations of a new, fair and sustainable trade agenda.

As it stands, CETA is not a progressive trade deal. It would be a mistake to adopt this treaty with its many worrying provisions as a model for agreements to come. CETA is a backward-looking and even more intrusive version of the old free trade agenda designed by and for the world’s largest multinationals. We need a paradigm shift toward a transparent and inclusive trade policy founded on the needs of people and our planet. Ratifying CETA will take us many steps further away from this much needed change.

[iii] Information on the constitutional challenge against CETA at Germany’s constitutional court

[iv] Constitutional challenge against CETA at the Federal Court of Canada

[v] See, for example: Investment Court System in CETA to be judged by the ECJ

[vi] See, for example: Civil society groups call on European governments to reject the CETA agreement; Joint Canadian Trade Union statement on CETA; Small and medium-sized enterprise from across Europe call on European governments to reject the CETA agreement

[vii] See, for example: The Great CETA swindle; The EU-Canada Joint Interpretive Declaration/Instrument on the CETA; CETA to be signed unchanged, but less likely to be ratified after Wallonian resistance

[viii]See, for example: CETA – Trading away democracy

[ix] See, for example: The Zombie ISDS. Rebranded as ICS, rights for corporations to sue states refuse to die

[xiii] See, for example: “The financial services chapter: Inflating bank profits at the expense of citizens”, in Making sense of CETA

[xiv] See, for example: ACTA-CETA similarities; Trade and Privacy: Complicated bedfellows? How to achieve data protection-proof free trade agreements?; and “Patents, copyright and innovation” and “Canada-specific concerns”, in Making sense of CETA

[xv] See, for example: “Limiting how and what government regulates” and “More cooperation for less regulation”, in Making sense of CETA; and CIEL letter to Minister-President Magnette

[xvi] See, for example: “CETA’s threat to agricultural markets and food quality”, in Making sense of CETA

[xvii] CETA, TTIP and the EU precautionary principle

[xviii] For examples of specific amendments put forward by trade unions and environmental organisations, see: Protocol on Dispute Settlement and Institutional Mechanisms for the trade and sustainable development and trade and labour provisions; Understanding on the Provision of Public Services and Procurement; Protocol on Investment Protection; Understanding on the Precautionary Principle; BUND proposals for amendments on public services, the precautionary principle and the promotion of renewable energy.

Today, on 25 November 2016, German blog Netzpolitik.org in association with Greenpeace published new leaked documents concerning the Trade in Services Agreement (TiSA), a “trade” agreement that is currently being negotiated between 23 members of the World Trade Organisation (WTO), including the European Union.

The new leaks confirm the problems identified in previous leaks, including serious threats to freedom of expression and protection of personal data of European citizens.

The proposals on privatised censorship are particularly worrying

said Joe McNamee, Executive Director of European Digital Rights (EDRi).

Creating a power to undermine our free speech with no accountability is reckless and contrary to literally all relevant provisions of international law.

In September 2016, Wikileaks and Greenpeace Netherlands published other documents on TiSA. In the light of today’s leaks, what’s new from a civil liberties perspective?

Liability protections: while having provisions to promote freedom of expression will be a step forward, the latest US made a proposal in TiSA which does not respect the rule of law and would remove rights to freedom of expression. The proposal is that internet companies would not be liable for any damage caused by voluntary restrictions of individuals’ free speech if they undertake such restrictions “in good faith” because they feel that the communications are “harmful or objectionable”. The proposal even extends to when this damage is caused implementing regulation-by-algorithm – in other words when using technical means, such as automatic filtering, to do so. This would privatise the regulation of the human right to receive, impart and seek information. It would almost inevitably lead into privatised censorship of completely legal information by governments (through pressures to online companies), or online companies themselves (acting in their own commercial interest).

Net neutrality: The EU had taken a step towards the right direction and proposed some improvements to the text on net neutrality, the principle that all the internet traffic has to be treated equally, which is crucial for fair competition between online services, for innovation, and for freedom of expression. The leaks show that the US and Colombia proposal officially oppose these improvements. The US has net neutrality rules and this position was taken before the elections. Why hasn’t it supported the EU here?

Data flows: The leaks show that the pressure to include “data flows” and “free flow of data” in the agreement is persistent. The European Commission announced previously that data protection will be left out of TiSA. However, the European Commission Directorate General for Trade (DG Trade) has stated that they will ensure free data flows and provisions against data localisation. Bringing these topics into the discussions will almost inevitably bring data protection and privacy onto the negotiation table.

A big coalition of organisations around the world is worried about the proposals in the draft core text, the e-commerce, telecommunications, financial services and localisation annexes of TiSA. These leaks are not reassuring.

TiSA is being negotiated formally since March 2013. A Ministerial Meeting to conclude the talks was scheduled on 5-6 December. The meeting has been cancelled due to outstanding issues and the recent developments in the US.

The European Commission proposed the Draft Directive on Combating Terrorism (the “Terrorism Directive”) in December 2015. Since then, the legislative process to adopt it has been fast-tracked, which reduces the space for meaningful public participation, transparency and accountability.

The Directive is expected to be finalised by the end of 2016. On 17 November, the Council of the European Union, the European Parliament and the European Commission concluded the so-called “trilogue“. This means that a political agreement has been reached among the very few people representing the three institutions. Next, both the Council and the Parliament will have to formally adopt the Directive. Amendments are possible, in theory. However, their adoption will be in practice close to impossible. After the Directive is finalised in Brussels, EU Member States will have to give meaning to vague and unclear wording when implementing the Directive.

If changes are not introduced in the Terrorism Directive, abuses to freedom of expression and privacy will be made in your Member State!

EDRi doesn’t give up and keeps pushing for a human rights agenda in the Terrorism Directive. In this document pool, you will find the relevant information, documents and analyses of the Terrorism Directive. We’ll update this document pool as the process advances. Last update: 30 November 2016.